In a file sharing system in which the user uploads a file onto a server apparatus, and that file is shared by a plurality of users, as a method of maintaining the secrecy of file with respect to the server apparatus, the following three methods are used.
(1) An individual key system for encrypting a file by means of an individual encryption key for each user.
(2) A common key system for encrypting a file by means of an encryption key common to respective users.
(3) A re-encryption system for encrypting a file using a proxy re-encryption system.
In the systems (1) to (3), assume that a user A uploads a file onto a server apparatus, and the user A shares the file with users B and C.
In the individual key system (1), each user has a pair of a private key and public key, which are different for each user. The user A encrypts a file by means of a public key of the user B, and uploads the encrypted file onto the server apparatus. Note that the public key of the user B is an individual encryption key for the user B. Likewise, the user A encrypts a file by means of a public key of the user C, and uploads the encrypted file onto the server. The public key of the user C is an individual encryption key for the user C. That is, the user A encrypts a file individually for the users who share that file.
In the common key system (2), each user shares a pair of a private key and public key, which are common to the respective users. The user A encrypts a file by means of a public key (as an encryption key common to the respective users), and uploads the encrypted file onto the server apparatus. The respective users share an identical private key.
In the proxy re-encryption system (3), each user has a pair of a private key and public key, which are different for respective users like in the individual key system (1). However, unlike in the individual key system (1), the user A need only encrypt a file by means of a public key (to be referred to as a group public key hereinafter) of an entity (to be referred to as a group administrator hereinafter) who manages a group of users. The server apparatus re-encrypts the encrypted file (uploaded by the user A) based on a re-encryption key. By the re-encryption, an encrypted file which can be decrypted by each user is generated. Details of the proxy re-encryption system will be described later.
In the individual key system (1), when a file is to be shared also by a new user D, the user A has to encrypt a file by means of a public key of the user D, and has to upload the encrypted file onto the server apparatus, thus posing a problem. Note that the public key of the user D is an individual encryption key for the user D. Therefore, the system (1) is not suitable for the file sharing system since troublesome processing is required at the time of addition of a new user when the number of new users or the number of files to be shared is large.
In the common key system (2), when a file sharing permission for a certain user is canceled from a certain timing (to exclude that user from the file sharing system), a mechanism for updating the private key and public key common to the respective users is additionally required, thus posing a problem. In the common key system (2), if the private key common to the respective users has leaked due to some reason, a person who acquired the leaked private key can decrypt all encrypted files, thus posing a problem. For this reason, the common key system (2) is not suitable for the file sharing system.
On the other hand, in the proxy re-encryption system (3), since the server apparatus re-encrypts one ciphertext to that which can be decrypted by each user, using a re-encryption key, a configuration which does not notify the users of the re-encryption key is adopted, thus solving the aforementioned problems. For this reason, the proxy re-encryption system (3) is suitable for the file sharing system.
In the proxy re-encryption system (3), however, if the user utilizes the file-sharing service provided by a third party (by, for example, accessing a server apparatus via the Internet), he or she cannot rely on the server apparatus so much. It is therefore desired that only the user should generate his or her private key and should hold the private key.
Here arises a problem with the proxy re-encryption system (3). The proxy re-encryption system (3) requires a private key (hereinafter called “group private key”) for updating the re-encryption key, which corresponds to the group public key. As a result, the re-encryption key cannot be updated if the group administrator is absent, unless the private key of each user has been disclosed to the group administrator.
Accordingly, an object of this invention is to provide a server apparatus and a program, which can update the re-encryption key even if the private key of each user has not been disclosed to the group administrator and if the group administrator is absent.